Elasticsearch | Marketplace

Details
Content
Dependencies
Version History

Search for and analyze data in real time. Supports version 6 and later.

Elasticsearch is the distributed search and analytics engine at the heart of the Elastic Stack and where the indexing, search, and analysis magic happens.
Elasticsearch offers speed and flexibility to handle data in a wide variety of use cases.

What does this pack do?

This pack provides an integration with the Elasticsearch API and allows you to

Query Elasticsearch instances using DSL, EQL and Lucene syntaxes.
Search an index in Elasticsearch
Index a document into an Elastisearch index.

In addition, you can fetch incidents with predefined query.

Pack Contributors:

Joel Cuter
Martin Ohl

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

What does this pack do?

This pack provides an integration with the Elasticsearch API and allows you to

Query Elasticsearch instances using DSL, EQL and Lucene syntaxes.
Search an index in Elasticsearch
Index a document into an Elastisearch index.

In addition, you can fetch incidents with predefined query.

Pack Contributors:

Joel Cuter
Martin Ohl

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

Classifiers

Name	Description
Elasticsearch - Incoming Mapper

Incident Fields

Name	Description
Elasticsearch Host
Elasticsearch Event info
Elasticsearch index
Elasticsearch Timestamp
Elasticsearch Source
Elasticsearch Machine

Incident Types

Name	Description
Elasticsearch

Integrations

Name	Description
Elasticsearch v2	Search for and analyze data in real time. Supports version 6 and later.

Classifiers

Name	Description
Elasticsearch - Incoming Mapper

Incident Fields

Name	Description
Elasticsearch Event info
Elasticsearch index
Elasticsearch Timestamp
Elasticsearch Machine
Elasticsearch Host
Elasticsearch Source

Incident Types

Name	Description
Elasticsearch

Integrations

Name	Description
Elasticsearch v2	Search for and analyze data in real time. Supports version 6 and later.
Elasticsearch Event Collector	Search for and analyze data in real time. Supports version 6 and later.

Required Content Packs (1)

Pack Name	Pack By
Base	By: Cortex XSOAR

Optional Content Packs (1)

Pack Name	Pack By
Common Types	By: Cortex XSOAR

All level dependencies (2)

Pack Name	Pack By
Base	By: Cortex XSOAR
Aggregated Scripts	By: Cortex XSOAR

1.4.7 - 10080090 (June 11, 2026)

Integrations

Elasticsearch v2

Added the Fields to Fetch parameter, a comma-separated list of fields to fetch (the _source field is always included).

Related pull requests:
- 44593
- 44222

Download

1.4.6 - 8624674 (April 30, 2026)

Integrations

Elasticsearch v2

Updated the Docker image to: demisto/elasticsearch:1.0.0.8425368.

Related pull requests:
- 44107

Download

1.4.5 - 8479105 (April 26, 2026)

Mappers

Elasticsearch - Incoming Mapper

Documentation and metadata improvements.

Related pull requests:
- 43869

Download

1.4.4 - 8359356 (April 19, 2026)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 43921

Download

1.4.3 - 8210013 (April 13, 2026)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 43748

Download

1.4.2 - 7850318 (March 23, 2026)

Documentation and metadata improvements.

Related pull requests:
- 43567

Download

1.4.1 - 6758702 (January 18, 2026)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 42701

Download

1.3.38 - 6565142 (January 5, 2026)

Integrations

Elasticsearch v2

Added support for Authorization type parameter that choose your auth type.
For API key authentication, enter API key ID and API key.
For basic authentication and bearer authentication, enter username and password.
Added support for API key ID and API key parameters that use for api key auth.
Added support for bearer auth authorization type.
Updated the Docker image to: demisto/elasticsearch:1.0.0.5954979.

Related pull requests:
- 42112

Download

1.3.37 - 6046045 (November 27, 2025)

Integrations

Elasticsearch v2

Fixed an issue in the fetch incidents mechanism where a query did not correctly combine with the time field query, causing potential query mismatches.
Added support for timezone offset in the fetch incidents mechanism.

Related pull requests:
- 41895

Download

1.3.36 - 5940029 (November 20, 2025)

Integrations

Elasticsearch v2

Updated the Docker image to: demisto/elasticsearch:1.0.0.4861252.

Related pull requests:
- 41956

Download

1.3.35 - 5636304 (October 29, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 41629

Download

1.3.34 - R5469292 (October 20, 2025)

Incident Fields

Elasticsearch Source
Documentation and metadata improvements.
Elasticsearch Timestamp
Documentation and metadata improvements.
Elasticsearch Machine
Documentation and metadata improvements.
Elasticsearch Event info
Documentation and metadata improvements.
Elasticsearch Host
Documentation and metadata improvements.
Elasticsearch index
Documentation and metadata improvements.

Incident Types

Elasticsearch
Documentation and metadata improvements.

Mappers

Elasticsearch - Incoming Mapper

Documentation and metadata improvements.

Related pull requests:
- 40523

Download

1.3.33 - R3980324 (June 26, 2025)

Integrations

Elasticsearch v2

Added the es-esql-search command to run ES|QL queries.

Related pull requests:
- 40117
- 40112

Download

1.4.7 - 10080090 (June 11, 2026)

Integrations

Elasticsearch v2

Added the Fields to Fetch parameter, a comma-separated list of fields to fetch (the _source field is always included).

Related pull requests:
- 44593
- 44222

Download

1.4.6 - 8624674 (April 30, 2026)

Integrations

Elasticsearch v2

Updated the Docker image to: demisto/elasticsearch:1.0.0.8425368.

Related pull requests:
- 44107

Download

1.4.5 - 8479105 (April 26, 2026)

Mappers

Elasticsearch - Incoming Mapper

Documentation and metadata improvements.

Related pull requests:
- 43869

Download

1.4.4 - 8359356 (April 19, 2026)

Integrations

Elasticsearch Event Collector

Documentation and metadata improvements.

Related pull requests:
- 43921

Download

1.4.3 - 8210013 (April 13, 2026)

Integrations

Elasticsearch Event Collector

Documentation and metadata improvements.

Related pull requests:
- 43748

Download

1.4.2 - 7850318 (March 23, 2026)

Documentation and metadata improvements.

Related pull requests:
- 43567

Download

1.4.1 - 6758702 (January 18, 2026)

Integrations

Elasticsearch Event Collector

Added the provider field to the ElasticsearchEventCollector integration.

Related pull requests:
- 42701

Download

1.3.38 - 6565142 (January 5, 2026)

Integrations

Elasticsearch v2

Added support for Authorization type parameter that choose your auth type.
For API key authentication, enter API key ID and API key.
For basic authentication and bearer authentication, enter username and password.
Added support for API key ID and API key parameters that use for api key auth.
Added support for bearer auth authorization type.
Updated the Docker image to: demisto/elasticsearch:1.0.0.5954979.

Related pull requests:
- 42112

Download

1.3.37 - 6046045 (November 27, 2025)

Integrations

Elasticsearch v2

Fixed an issue in the fetch incidents mechanism where a query did not correctly combine with the time field query, causing potential query mismatches.
Added support for timezone offset in the fetch incidents mechanism.

Related pull requests:
- 41895

Download

1.3.36 - 5940029 (November 20, 2025)

Integrations

Elasticsearch v2

Updated the Docker image to: demisto/elasticsearch:1.0.0.4861252.

Related pull requests:
- 41956

Download

1.3.35 - 5636304 (October 29, 2025)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 41629

Download

1.3.34 - R5469292 (October 20, 2025)

Incident Fields

Elasticsearch Source
Documentation and metadata improvements.
Elasticsearch Timestamp
Documentation and metadata improvements.
Elasticsearch Machine
Documentation and metadata improvements.
Elasticsearch Event info
Documentation and metadata improvements.
Elasticsearch Host
Documentation and metadata improvements.
Elasticsearch index
Documentation and metadata improvements.

Incident Types

Elasticsearch
Documentation and metadata improvements.

Mappers

Elasticsearch - Incoming Mapper

Documentation and metadata improvements.

Related pull requests:
- 40523

Download

1.3.33 - R3980324 (June 26, 2025)

Integrations

Elasticsearch v2

Added the es-esql-search command to run ES|QL queries.

Related pull requests:
- 40117
- 40112

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	July 20, 2020
Last Release	June 11, 2026

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

By downloading or using Marketplace content, you agree to the applicable Terms of Use and End User License Agreement. Third-party content is provided by its publisher, and Palo Alto Networks does not warrant, endorse, support, or assume responsibility for content not expressly identified as owned by Palo Alto Networks.